Volume 16, Issue 29
Week of August 12, 2013
SNS: Special Letter: All Your Data is Being Stolen as You Read This
- A Bit of Background
- Network vs. Apps
- Expressed Concerns
- A Bit of Tech Talk
- Where Do We Go from Here?
- About Kevin Surace
Publisher’s Note: Something interesting has been happening in the world of cyber attacks, and very few outside the security establishment have noticed it yet, although it involves everyone reading this Special Letter.
Not long ago, security officials reported that hackers working for the Iranian government had mounted a series of extensive DDoS (distributed denial of service) attacks on Western banks. The motivation seemed clear: a response to sanctions against Iran over its ongoing nuclear program; and the results, to the public at least, predictable: a hassle.
DDoS attacks, after all, were historically considered the sledgehammer in a mostly surgical hacker toolset. Using botnets to array hundreds, or thousands, of servers to send simultaneous requests to a single Web server usually had the intended function: it overwhelmed the server, or at least made it difficult-to-impossible for the victim company’s customers to access its services online. As time progressed, companies have found increasingly better ways to deal with these problems, and while they remain a threat, they have dropped down the ladder of worry.
But that was then.
Since around the time of the Iranian attacks, a new concern has emerged among those who make a living studying cyber crime and espionage: What if DDoS attacks are just a part of larger attacks?
Today, one level of the state of the art in cyber offense is to use DDoSs as both a distraction and a way of softening a target’s defenses, so that while the victim company is busy dealing with the massive onslaught of fake Web requests, one or more additional teams are working on breaking into the company’s network and stealing secrets.
Indeed, such multisource attacks are now becoming common, and the use of DDoSs as just one of the tools in a single attack is no longer in doubt as a technique. As if that were not enough to worry about, DDoSs have another benefit to offer would-be cyber attackers: they can put so much stress on the applications layer that integrity is compromised and new entry points for the bad guys magically appear.
In this week’s Special Letter, longtime member and serial Valley entrepreneur Kevin Surace describes this problem in clear detail and offers a much-needed new solution set. The good news: that software you bought that beefs up firewalls and known virus attacks is doing pretty well on those. The bad news: the new attacks will go right around your defenses.
As I write, our INVNT/IP site (specifically focused on stopping nation-sponsored theft of IP, including by cyber theft) has been under DDoS attack for 24 hours. Thanks to prudent planning, there isn’t any private data there to be stolen. And we were careful as we began this work to set this server up separate from all our other servers, physically and technically.
Thanks to our terrific CTO, the site has not gone down or been inaccessible to our users since the onslaught began. But thanks to Kevin Surace, we’re now aware that the real attack may be happening on a different level.
I know that our members will want to learn about, understand, and be prepared for this new type of attack before it comes to them. –mra.